From a43fb036ae6be17ecab7beeb218ed8b4664d4c37 Mon Sep 17 00:00:00 2001 From: Jen Sheerin Date: Fri, 20 Oct 2023 18:29:45 -0400 Subject: [PATCH 01/12] initial update --- examples/default/locals.tf | 17 +++ examples/default/main.tf | 38 +++-- examples/default/variables.tf | 87 +++++++++++ examples/private-endpoint/README.md | 112 +++++++++++++++ examples/private-endpoint/_footer.md | 4 + examples/private-endpoint/_header.md | 3 + examples/private-endpoint/main.tf | 68 +++++++++ examples/private-endpoint/variables.tf | 87 +++++++++++ locals.telemetry.tf | 2 +- locals.tf | 17 ++- main.private_endpoint.tf | 41 ++++++ main.telemetry.tf | 2 +- main.tf | 64 ++++++++- outputs.tf | 15 +- variables.tf | 190 ++++++++++++++++++++++++- 15 files changed, 724 insertions(+), 23 deletions(-) create mode 100644 examples/default/locals.tf create mode 100644 examples/default/variables.tf create mode 100644 examples/private-endpoint/README.md create mode 100644 examples/private-endpoint/_footer.md create mode 100644 examples/private-endpoint/_header.md create mode 100644 examples/private-endpoint/main.tf create mode 100644 examples/private-endpoint/variables.tf create mode 100644 main.private_endpoint.tf diff --git a/examples/default/locals.tf b/examples/default/locals.tf new file mode 100644 index 0000000..4383aec --- /dev/null +++ b/examples/default/locals.tf @@ -0,0 +1,17 @@ +# We pick a random region from this list. +locals { + role_definition_resource_substring = "/providers/Microsoft.Authorization/roleDefinitions" + azure_regions = [ + "westeurope", + "northeurope", + "eastus", + "eastus2", + "westus", + "westus2", + "southcentralus", + "northcentralus", + "centralus", + "eastasia", + "southeastasia", + ] +} \ No newline at end of file diff --git a/examples/default/main.tf b/examples/default/main.tf index 39a38fb..d44daa8 100644 --- a/examples/default/main.tf +++ b/examples/default/main.tf 
@@ -5,17 +5,15 @@ terraform { source = "hashicorp/azurerm" version = ">= 3.7.0, < 4.0.0" } + random = { + source = "hashicorp/random" + version = ">= 3.5.0, < 4.0.0" + } } } -variable "enable_telemetry" { - type = bool - default = true - description = < +# Default example + +This deploys the module in its simplest form. + +```hcl +terraform { + required_version = ">= 1.0.0" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = ">= 3.7.0, < 4.0.0" + } + } +} + +variable "enable_telemetry" { + type = bool + default = true + description = < +## Requirements + +The following requirements are needed by this module: + +- [terraform](#requirement\_terraform) (>= 1.0.0) + +- [azurerm](#requirement\_azurerm) (>= 3.7.0, < 4.0.0) + +## Providers + +The following providers are used by this module: + +- [azurerm](#provider\_azurerm) (>= 3.7.0, < 4.0.0) + +## Resources + +The following resources are used by this module: + +- [azurerm_resource_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) (resource) + + +## Required Inputs + +No required inputs. + +## Optional Inputs + +The following input variables are optional (have default values): + +### [enable\_telemetry](#input\_enable\_telemetry) + +Description: This variable controls whether or not telemetry is enabled for the module. +For more information see https://aka.ms/avm/telemetryinfo. +If it is set to false, then no telemetry will be collected. + +Type: `bool` + +Default: `true` + +## Outputs + +No outputs. + +## Modules + +The following Modules are called: + +### [MYMODULE](#module\_MYMODULE) + +Source: ../../ + +Version: + +### [naming](#module\_naming) + +Source: Azure/naming/azurerm + +Version: 0.3.0 + + +## Data Collection + +The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. 
You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at . You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices. + \ No newline at end of file diff --git a/examples/private-endpoint/_footer.md b/examples/private-endpoint/_footer.md new file mode 100644 index 0000000..bc56bcb --- /dev/null +++ b/examples/private-endpoint/_footer.md @@ -0,0 +1,4 @@ + +## Data Collection + +The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at . You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices. diff --git a/examples/private-endpoint/_header.md b/examples/private-endpoint/_header.md new file mode 100644 index 0000000..9eb0b85 --- /dev/null +++ b/examples/private-endpoint/_header.md @@ -0,0 +1,3 @@ +# Default example + +This deploys the module in its simplest form. 
diff --git a/examples/private-endpoint/main.tf b/examples/private-endpoint/main.tf
new file mode 100644
index 0000000..27eac81
--- /dev/null
+++ b/examples/private-endpoint/main.tf
@@ -0,0 +1,68 @@
+terraform {
+ required_version = ">= 1.0.0"
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = ">= 3.7.0, < 4.0.0"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = ">= 3.5.0, < 4.0.0"
+ }
+ }
+}
+
+# This ensures we have unique CAF compliant names for our resources.
+module "naming" {
+ source = "Azure/naming/azurerm"
+ version = "0.3.0"
+}
+
+provider "azurerm" {
+ features {}
+}
+
+
+# This is required for resource modules
+resource "azurerm_resource_group" "rghp" {
+ name = module.naming.resource_group.name_unique
+ location = var.location
+}
+
+# A vnet is required for the private endpoint.
+resource "azurerm_virtual_network" "this" {
+ name = module.naming.virtual_network.name_unique
+ location = azurerm_resource_group.rghp.location
+ resource_group_name = azurerm_resource_group.rghp.name
+ address_space = ["192.168.0.0/24"]
+}
+
+resource "azurerm_subnet" "this" {
+ name = module.naming.subnet.name_unique
+ resource_group_name = azurerm_resource_group.rghp.name
+ virtual_network_name = azurerm_virtual_network.this.name
+ address_prefixes = ["192.168.0.0/24"]
+}
+
+resource "azurerm_private_dns_zone" "this" {
+ name = "privatelink.wvd.microsoft.com"
+ resource_group_name = azurerm_resource_group.rghp.name
+}
+
+# This is the module call
+module "hostpool" {
+ source = "../../"
+ enable_telemetry = var.enable_telemetry
+ hostpool = var.hostpool
+ hostpooltype = var.hostpooltype
+ location = azurerm_resource_group.rghp.location
+ resource_group_name = azurerm_resource_group.rghp.name
+ avdlawrgname = var.avdlawrgname
+ avdlaworkspace = var.avdlaworkspace
+ private_endpoints = {
+ primary = {
+ private_dns_zone_resource_ids = [azurerm_private_dns_zone.this.id]
+ subnet_resource_id = azurerm_subnet.this.id
+ }
+ }
+}
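Review bot: `azurerm_private_dns_zone.this` is created and its id is handed to the module through `private_dns_zone_resource_ids`, but nothing links the zone to `azurerm_virtual_network.this`, so the A record the endpoint's DNS zone group writes is never consulted by resolvers inside the vnet and `privatelink.wvd.microsoft.com` names still resolve to the public address; the example therefore demonstrates a private endpoint that clients in the network will bypass. Add an `azurerm_private_dns_zone_virtual_network_link` between the zone and the vnet, as below. It is also worth a one-line comment on the zone noting that it must be linked to every vnet whose session hosts should reach the host pool privately.
```hcl
# … unchanged: azurerm_private_dns_zone.this …

# The zone is only consulted by resolvers in vnets that are linked to it.
resource "azurerm_private_dns_zone_virtual_network_link" "this" {
  name                  = "${azurerm_virtual_network.this.name}-link"
  resource_group_name   = azurerm_resource_group.rghp.name
  private_dns_zone_name = azurerm_private_dns_zone.this.name
  virtual_network_id    = azurerm_virtual_network.this.id
}

# … unchanged: module "hostpool" call …
```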
diff --git a/examples/private-endpoint/variables.tf b/examples/private-endpoint/variables.tf new file mode 100644 index 0000000..03df833 --- /dev/null +++ b/examples/private-endpoint/variables.tf @@ -0,0 +1,87 @@ +variable "enable_telemetry" { + type = bool + default = true + description = < assoc } +} \ No newline at end of file diff --git a/main.private_endpoint.tf b/main.private_endpoint.tf new file mode 100644 index 0000000..5a0c124 --- /dev/null +++ b/main.private_endpoint.tf 
@@ -0,0 +1,41 @@ +resource "azurerm_private_endpoint" "this" { + for_each = var.private_endpoints + name = each.value.name != null ? each.value.name : "pe-${var.hostpool}" + location = each.value.location != null ? each.value.location : var.location + resource_group_name = each.value.resource_group_name != null ? each.value.resource_group_name : var.resource_group_name + subnet_id = each.value.subnet_resource_id + custom_network_interface_name = each.value.network_interface_name + + private_service_connection { + name = each.value.private_service_connection_name != null ? each.value.private_service_connection_name : "pse-${var.hostpool}" + private_connection_resource_id = azurerm_virtual_desktop_host_pool.hostpool.id + is_manual_connection = false + subresource_names = ["connection"] + } + + dynamic "private_dns_zone_group" { + for_each = length(each.value.private_dns_zone_resource_ids) > 0 ? ["this"] : [] + + content { + name = each.value.private_dns_zone_group_name + private_dns_zone_ids = each.value.private_dns_zone_resource_ids + } + } + + dynamic "ip_configuration" { + for_each = each.value.ip_configurations + + content { + name = ip_configuration.value.name + subresource_name = ["connection"] + member_name = ["connection"] + private_ip_address = ip_configuration.value.private_ip_address + } + } +} + +resource "azurerm_private_endpoint_application_security_group_association" "this" { + for_each = local.private_endpoint_application_security_group_associations + private_endpoint_id = azurerm_private_endpoint.this[each.value.pe_key].id + application_security_group_id = each.value.asg_resource_id +} diff --git a/main.telemetry.tf b/main.telemetry.tf index bf05240..88e56f0 100644 --- a/main.telemetry.tf +++ b/main.telemetry.tf @@ -1,5 +1,5 @@ resource "random_id" "telem" { - count = local.enable_telemetry ? 1 : 0 + count = var.enable_telemetry ? 1 : 0 byte_length = 4 } diff --git a/main.tf b/main.tf index 840498f..68ad763 100644 --- a/main.tf +++ b/main.tf 
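Review bot: In the `ip_configuration` block of `azurerm_private_endpoint.this`, `subresource_name = ["connection"]` and `member_name = ["connection"]` assign lists where the provider's `ip_configuration` arguments are plain strings, so any caller that supplies `ip_configurations` fails validation; change them to `subresource_name = "connection"` and `member_name = "connection"`. The resource also never reads `each.value.tags`, `each.value.lock` or `each.value.role_assignments`, although the `private_endpoints` variable in variables.tf declares all three, so a caller who sets a lock or a role assignment on an endpoint silently gets neither. At minimum add `tags = each.value.tags`, and either create the per-endpoint `azurerm_management_lock` and `azurerm_role_assignment` resources from those fields or remove them from the variable type so the interface does not promise controls it does not apply.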
@@ -1 +1,63 @@
-# TODO: insert resources here.
+# Create Azure Virtual Desktop host pool
+resource "azurerm_virtual_desktop_host_pool" "hostpool" {
+ location = var.location # The location where the host pool will be created.
+ resource_group_name = var.resource_group_name # The name of the resource group in which to create the host pool.
+ name = var.hostpool
+ friendly_name = var.hostpool
+ validate_environment = false # [true false]
+ custom_rdp_properties = "drivestoredirect:s:*;audiomode:i:0;videoplaybackmode:i:1;redirectclipboard:i:1;redirectprinters:i:1;devicestoredirect:s:*;redirectcomports:i:1;redirectsmartcards:i:1;usbdevicestoredirect:s:*;enablecredsspsupport:i:1;use multimon:i:0"
+ description = "HostPool"
+ type = var.hostpooltype # ["Pooled" "Personal"]
+ maximum_sessions_allowed = var.maxsessions
+ load_balancer_type = "BreadthFirst" #["BreadthFirst" "DepthFirst"]
+ start_vm_on_connect = "true" # [true false]
+ tags = var.tags
+ scheduled_agent_updates {
+ enabled = "true"
+ timezone = "UTC"
+ use_session_host_timezone = "false" # [true false]
+ schedule {
+ day_of_week = var.day_of_week # ["Sunday" "Monday" "Tuesday" "Wednesday" "Thursday" "Friday" "Saturday"]
+ hour_of_day = var.hour_of_day # [0-23]
+ }
+ }
+}
+
+# Registration information for the host pool.
+resource "azurerm_virtual_desktop_host_pool_registration_info" "registrationinfo" {
+ hostpool_id = azurerm_virtual_desktop_host_pool.hostpool.id
+ expiration_date = timeadd(timestamp(), "48h")
+}
+
+# Create Diagnostic Settings for AVD Host Pool
+resource "azurerm_monitor_diagnostic_setting" "hpdiag" {
+ name = var.diagname
+ target_resource_id = azurerm_virtual_desktop_host_pool.hostpool.id
+ log_analytics_workspace_id = var.avdlaworkspace
+
+ dynamic "enabled_log" {
+ for_each = var.host_pool_log_categories
+ content {
+ category = enabled_log.value
+ }
+ }
+}
+
+resource "azurerm_role_assignment" "this" {
+ for_each = var.role_assignments
+ scope = azurerm_virtual_desktop_host_pool.hostpool.id
+ role_definition_id = strcontains(lower(each.value.role_definition_id_or_name), lower(local.role_definition_resource_substring)) ? each.value.role_definition_id_or_name : null
+ role_definition_name = strcontains(lower(each.value.role_definition_id_or_name), lower(local.role_definition_resource_substring)) ? null : each.value.role_definition_id_or_name
+ principal_id = each.value.principal_id
+ condition = each.value.condition
+ condition_version = each.value.condition_version
+ skip_service_principal_aad_check = each.value.skip_service_principal_aad_check
+ delegated_managed_identity_resource_id = each.value.delegated_managed_identity_resource_id
+}
+
+resource "azurerm_management_lock" "this" {
+ count = var.lock.kind != "None" ? 1 : 0
+ name = coalesce(var.lock.name, "lock-${var.hostpool}")
+ scope = azurerm_virtual_desktop_host_pool.hostpool.id
+ lock_level = var.lock.kind
+}
\ No newline at end of file
diff --git a/outputs.tf b/outputs.tf
index 9557116..b955c49 100644
--- a/outputs.tf
+++ b/outputs.tf
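Review bot: `custom_rdp_properties` on `azurerm_virtual_desktop_host_pool.hostpool` is a hard-coded string that enables drive, clipboard, printer, device, COM port, smart card and USB redirection for every host pool built with this module, and there is no input to narrow it; expose it as a variable whose default is the current string so existing callers are unaffected while deployments that must limit what can leave a session can tighten it. `validate_environment = false`, `load_balancer_type = "BreadthFirst"` and `description = "HostPool"` are hard-coded in the same way and would benefit from the same treatment. Separately, `expiration_date = timeadd(timestamp(), "48h")` in `azurerm_virtual_desktop_host_pool_registration_info.registrationinfo` is re-evaluated on every plan, so the registration token is rotated on each apply and the resource never converges; add `lifecycle { ignore_changes = [expiration_date] }` or compute the date from a value that is stable between runs.
```hcl
resource "azurerm_virtual_desktop_host_pool" "hostpool" {
  # … unchanged: location, resource_group_name, name, friendly_name, validate_environment …
  custom_rdp_properties = var.custom_rdp_properties
  # … unchanged: remaining arguments and scheduled_agent_updates …
}

# In variables.tf — the default reproduces today's string, so current callers see no change.
variable "custom_rdp_properties" {
  type        = string
  description = "Custom RDP properties for the host pool. The default enables drive, clipboard, printer, device, COM port, smart card and USB redirection; restrict these for deployments that must limit data leaving the session."
  default     = "drivestoredirect:s:*;audiomode:i:0;videoplaybackmode:i:1;redirectclipboard:i:1;redirectprinters:i:1;devicestoredirect:s:*;redirectcomports:i:1;redirectsmartcards:i:1;usbdevicestoredirect:s:*;enablecredsspsupport:i:1;use multimon:i:0"
}
```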
@@ -1 +1,14 @@
-# TODO: insert outputs here.
+output "azure_virtual_desktop_host_pool" {
+ description = "Name of the Azure Virtual Desktop host pool"
+ value = azurerm_virtual_desktop_host_pool.hostpool.name
+}
+
+output "azure_virtual_desktop_host_pool_id" {
+ description = "ID of the Azure Virtual Desktop host pool"
+ value = azurerm_virtual_desktop_host_pool.hostpool.id
+}
+
+output "private_endpoints" {
+ value = azurerm_private_endpoint.this
+ description = "A map of private endpoints. The map key is the supplied input to var.private_endpoints. The map value is the entire azurerm_private_endpoint resource."
+}
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index 06a5270..8f96898 100644
--- a/variables.tf
+++ b/variables.tf
@@ -3,13 +3,197 @@ variable "enable_telemetry" { default = true description = <= 0 && var.hour_of_day <= 23 + error_message = "The hour of the day must be between 0 and 23." + } +} + +variable "tags" { + type = map(any) + description = "Map of tags to assign to the Key Vault resource." + default = null +} + +# Diagnostic Settings variables +# Define the input variable for the log categories to be enabled for the host pool +variable "host_pool_log_categories" { + type = list(string) + description = "Value of the log categories to be enabled for the host pool" + default = ["Checkpoint", "Management", "Connection", "HostRegistration", "AgentHealthStatus", "NetworkData", "SessionHostManagement", "ConnectionGraphicsData", "Error"] + +} + +# Define the input variable for the name of the AVD Log Analytics Workspace +# It is recommended to have a single Log Analytics Workspace for all AVD resources +variable "avdlaworkspace" { + description = "The Resource ID of the AVD Log Analytics Workspace" } + +variable "avdlawrgname" { + description = "Name of the AVD Log Analytics Workspace Resource Group" +} + +variable "diagname" { + type = string + description = "Name of the Diagnostic Setting" + default = "hplogs" +} + +# tflint-ignore: terraform_unused_declarations +variable "tracing_tags_enabled" { + type = bool + default = false + description = "Whether enable tracing tags that generated by BridgeCrew Yor." + nullable = false +} + +# tflint-ignore: terraform_unused_declarations +variable "tracing_tags_prefix" { + type = string + default = "avm_" + description = "Default prefix for generated tracing tags" + nullable = false +} + +variable "lock" { + type = object({ + name = optional(string, null) + kind = optional(string, "None") + }) + description = "The lock level to apply to the AVD Host Pool. Default is `ReadOnly`. Possible values are`Delete`, and `ReadOnly`." 
+ default = {} + nullable = false + validation { + condition = contains(["None", "Delete", "ReadOnly"], var.lock.kind) + error_message = "The lock level must be one of: 'Delete', or 'ReadOnly'." + } +} + +variable "role_assignments" { + type = map(object({ + role_definition_id_or_name = string + principal_id = string + condition = string + condition_version = string + skip_service_principal_aad_check = bool + delegated_managed_identity_resource_id = string + })) + default = {} + description = < Note: only set `skip_service_principal_aad_check` to true if you are assigning a role to a service principal. +DESCRIPTION +} + +variable "private_endpoints" { + type = map(object({ + name = optional(string, null) + role_assignments = optional(map(object({ + role_definition_id_or_name = string + principal_id = string + description = optional(string, null) + skip_service_principal_aad_check = optional(bool, false) + condition = optional(string, null) + condition_version = optional(string, null) + delegated_managed_identity_resource_id = optional(string, null) + })), {}) + lock = optional(object({ + name = optional(string, null) + kind = optional(string, "None") + }), {}) + tags = optional(map(any), null) + subnet_resource_id = string + private_dns_zone_group_name = optional(string, "default") + private_dns_zone_resource_ids = optional(set(string), []) + application_security_group_associations = optional(map(string), {}) + private_service_connection_name = optional(string, null) + network_interface_name = optional(string, null) + location = optional(string, null) + resource_group_name = optional(string, null) + ip_configurations = optional(map(object({ + name = string + private_ip_address = string + })), {}) + })) + default = {} + description = < Date: Sat, 21 Oct 2023 14:38:25 -0400 Subject: [PATCH 02/12] doc updates --- README.md | 232 +++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 229 insertions(+), 3 deletions(-) 
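Review bot: The `lock` variable's validation admits `"Delete"`, but main.tf passes `var.lock.kind` straight to `azurerm_management_lock.this.lock_level`, which accepts only `CanNotDelete` or `ReadOnly`, so a caller who chooses `Delete` passes validation and then fails at apply time. The description also states the default is `ReadOnly` while the type defaults `kind` to `"None"`, and the error message omits `None`; align the three with `condition = contains(["None", "CanNotDelete", "ReadOnly"], var.lock.kind)`, `error_message = "The lock level must be one of: 'None', 'CanNotDelete', or 'ReadOnly'."` and a description saying the default is `None`. `avdlawrgname` is declared as a required input with no `type`, yet none of the root-module resources visible in this series read it, so it should be either used or removed before it becomes part of the published interface. The closing lines of this hunk are not visible in the extract.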
diff --git a/README.md b/README.md index 8b66e20..f995b78 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,14 @@ The following providers are used by this module: The following resources are used by this module: +- [azurerm_management_lock.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_lock) (resource) +- [azurerm_monitor_diagnostic_setting.hpdiag](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_diagnostic_setting) (resource) +- [azurerm_private_endpoint.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) (resource) +- [azurerm_private_endpoint_application_security_group_association.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint_application_security_group_association) (resource) - [azurerm_resource_group_template_deployment.telemetry](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group_template_deployment) (resource) +- [azurerm_role_assignment.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource) +- [azurerm_virtual_desktop_host_pool.hostpool](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_desktop_host_pool) (resource) +- [azurerm_virtual_desktop_host_pool_registration_info.registrationinfo](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_desktop_host_pool_registration_info) (resource) - [random_id.telem](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) (resource) 
@@ -46,9 +53,39 @@ The following resources are used by this module: The following input variables are required: +### [avdlaworkspace](#input\_avdlaworkspace) + +Description: The Resource ID of the AVD Log Analytics Workspace + +Type: `any` + +### [avdlawrgname](#input\_avdlawrgname) + +Description: Name of the AVD Log Analytics Workspace Resource Group + +Type: `any` + +### [hostpool](#input\_hostpool) + +Description: The name of the AVD Host Pool. + +Type: `string` + +### [hostpooltype](#input\_hostpooltype) + +Description: The type of the AVD Host Pool. Valid values are 'Pooled' and 'Personal'. + +Type: `string` + +### [location](#input\_location) + +Description: The Azure location where the resources will be deployed. + +Type: `string` + ### [resource\_group\_name](#input\_resource\_group\_name) -Description: The resource group where the resources will be deployed. +Description: The name of the resource group where the resources will be deployed. Type: `string` 
@@ -56,19 +93,208 @@ Type: `string` The following input variables are optional (have default values): +### [day\_of\_week](#input\_day\_of\_week) + +Description: The day of the week to apply the schedule to. + +Type: `string` + +Default: `"Sunday"` + +### [diagname](#input\_diagname) + +Description: Name of the Diagnostic Setting + +Type: `string` + +Default: `"hplogs"` + ### [enable\_telemetry](#input\_enable\_telemetry) Description: This variable controls whether or not telemetry is enabled for the module. -For more information see https://aka.ms/avm/telemetryinfo. +For more information see https://aka.ms/avm/telemetry. If it is set to false, then no telemetry will be collected. Type: `bool` Default: `true` +### [host\_pool\_log\_categories](#input\_host\_pool\_log\_categories) + +Description: Value of the log categories to be enabled for the host pool + +Type: `list(string)` + +Default: + +```json +[ + "Checkpoint", + "Management", + "Connection", + "HostRegistration", + "AgentHealthStatus", + "NetworkData", + "SessionHostManagement", + "ConnectionGraphicsData", + "Error" +] +``` + +### [hour\_of\_day](#input\_hour\_of\_day) + +Description: The hour of the day to apply the schedule to. + +Type: `number` + +Default: `2` + +### [lock](#input\_lock) + +Description: The lock level to apply to the AVD Host Pool. Default is `ReadOnly`. Possible values are`Delete`, and `ReadOnly`. + +Type: + +```hcl +object({ + name = optional(string, null) + kind = optional(string, "None") + }) +``` + +Default: `{}` + +### [maxsessions](#input\_maxsessions) + +Description: The maximum number of sessions allowed on each session host in the host pool. + +Type: `number` + +Default: `16` + +### [private\_endpoints](#input\_private\_endpoints) + +Description: A map of private endpoints to create on the Key Vault. The map key is deliberately arbitrary to avoid issues where map keys maybe unknown at plan time. + +- `name` - (Optional) The name of the private endpoint. 
One will be generated if not set. +- `role_assignments` - (Optional) A map of role assignments to create on the private endpoint. The map key is deliberately arbitrary to avoid issues where map keys maybe unknown at plan time. See `var.role_assignments` for more information. +- `lock` - (Optional) The lock level to apply to the private endpoint. Default is `None`. Possible values are `None`, `CanNotDelete`, and `ReadOnly`. +- `tags` - (Optional) A mapping of tags to assign to the private endpoint. +- `subnet_resource_id` - The resource ID of the subnet to deploy the private endpoint in. +- `private_dns_zone_group_name` - (Optional) The name of the private DNS zone group. One will be generated if not set. +- `private_dns_zone_resource_ids` - (Optional) A set of resource IDs of private DNS zones to associate with the private endpoint. If not set, no zone groups will be created and the private endpoint will not be associated with any private DNS zones. DNS records must be managed external to this module. +- `application_security_group_resource_ids` - (Optional) A map of resource IDs of application security groups to associate with the private endpoint. The map key is deliberately arbitrary to avoid issues where map keys maybe unknown at plan time. +- `private_service_connection_name` - (Optional) The name of the private service connection. One will be generated if not set. +- `network_interface_name` - (Optional) The name of the network interface. One will be generated if not set. +- `location` - (Optional) The Azure location where the resources will be deployed. Defaults to the location of the resource group. +- `resource_group_name` - (Optional) The resource group where the resources will be deployed. Defaults to the resource group of the Key Vault. +- `ip_configurations` - (Optional) A map of IP configurations to create on the private endpoint. If not specified the platform will create one. 
The map key is deliberately arbitrary to avoid issues where map keys maybe unknown at plan time. + - `name` - The name of the IP configuration. + - `private_ip_address` - The private IP address of the IP configuration. + +Type: + +```hcl +map(object({ + name = optional(string, null) + role_assignments = optional(map(object({ + role_definition_id_or_name = string + principal_id = string + description = optional(string, null) + skip_service_principal_aad_check = optional(bool, false) + condition = optional(string, null) + condition_version = optional(string, null) + delegated_managed_identity_resource_id = optional(string, null) + })), {}) + lock = optional(object({ + name = optional(string, null) + kind = optional(string, "None") + }), {}) + tags = optional(map(any), null) + subnet_resource_id = string + private_dns_zone_group_name = optional(string, "default") + private_dns_zone_resource_ids = optional(set(string), []) + application_security_group_associations = optional(map(string), {}) + private_service_connection_name = optional(string, null) + network_interface_name = optional(string, null) + location = optional(string, null) + resource_group_name = optional(string, null) + ip_configurations = optional(map(object({ + name = string + private_ip_address = string + })), {}) + })) +``` + +Default: `{}` + +### [role\_assignments](#input\_role\_assignments) + +Description: A map of role assignments to create on the AVD Host Pool. The map key is deliberately arbitrary to avoid issues where map keys maybe unknown at plan time. + +- `role_definition_id_or_name` - The ID or name of the role definition to assign to the principal. +- `principal_id` - The ID of the principal to assign the role to. +- `description` - The description of the role assignment. +- `skip_service_principal_aad_check` - If set to true, skips the Azure Active Directory check for the service principal in the tenant. Defaults to false. 
+- `condition` - The condition which will be used to scope the role assignment. +- `condition_version` - The version of the condition syntax. Valid values are '2.0'. + +> Note: only set `skip_service_principal_aad_check` to true if you are assigning a role to a service principal. + +Type: + +```hcl +map(object({ + role_definition_id_or_name = string + principal_id = string + condition = string + condition_version = string + skip_service_principal_aad_check = bool + delegated_managed_identity_resource_id = string + })) +``` + +Default: `{}` + +### [tags](#input\_tags) + +Description: Map of tags to assign to the Key Vault resource. + +Type: `map(any)` + +Default: `null` + +### [tracing\_tags\_enabled](#input\_tracing\_tags\_enabled) + +Description: Whether enable tracing tags that generated by BridgeCrew Yor. + +Type: `bool` + +Default: `false` + +### [tracing\_tags\_prefix](#input\_tracing\_tags\_prefix) + +Description: Default prefix for generated tracing tags + +Type: `string` + +Default: `"avm_"` + ## Outputs -No outputs. +The following outputs are exported: + +### [azure\_virtual\_desktop\_host\_pool](#output\_azure\_virtual\_desktop\_host\_pool) + +Description: Name of the Azure Virtual Desktop host pool + +### [azure\_virtual\_desktop\_host\_pool\_id](#output\_azure\_virtual\_desktop\_host\_pool\_id) + +Description: ID of the Azure Virtual Desktop host pool + +### [private\_endpoints](#output\_private\_endpoints) + +Description: A map of private endpoints. The map key is the supplied input to var.private\_endpoints. The map value is the entire azurerm\_private\_endpoint resource. ## Modules From 14b3f545801cfe6fadba5f1eb8db702aab8747a5 Mon Sep 17 00:00:00 2001 From: Jen Sheerin Date: Sat, 21 Oct 2023 14:49:41 -0400 Subject: [PATCH 03/12] doc update --- README.md | 4 ++-- variables.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index f995b78..6b11f3c 100644 --- a/README.md +++ b/README.md 
@@ -95,7 +95,7 @@ The following input variables are optional (have default values): ### [day\_of\_week](#input\_day\_of\_week) -Description: The day of the week to apply the schedule to. +Description: The day of the week to apply the schedule agent update. Value must be one of: 'Sunday', 'Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', or 'Saturday'. Type: `string` @@ -143,7 +143,7 @@ Default: ### [hour\_of\_day](#input\_hour\_of\_day) -Description: The hour of the day to apply the schedule to. +Description: The hour of the day to apply the schedule agent update. Value must be between 0 and 23. Type: `number` diff --git a/variables.tf b/variables.tf index 8f96898..42ce6c1 100644 --- a/variables.tf +++ b/variables.tf @@ -43,7 +43,7 @@ variable "maxsessions" { variable "day_of_week" { type = string - description = "The day of the week to apply the schedule to." + description = "The day of the week to apply the schedule agent update. Value must be one of: 'Sunday', 'Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', or 'Saturday'." default = "Sunday" validation { condition = contains(["Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"], var.day_of_week) @@ -53,7 +53,7 @@ variable "day_of_week" { variable "hour_of_day" { type = number - description = "The hour of the day to apply the schedule to." + description = "The hour of the day to apply the schedule agent update. Value must be between 0 and 23." default = 2 validation { condition = var.hour_of_day >= 0 && var.hour_of_day <= 23 From c08b36b64a659a25140d5e54073132a5de143730 Mon Sep 17 00:00:00 2001 
From: Jen Sheerin Date: Sat, 21 Oct 2023 21:15:21 -0400 Subject: [PATCH 04/12] example updates --- examples/default/main.tf | 12 +++-- examples/default/variables.tf | 64 -------------------------- examples/private-endpoint/locals.tf | 17 +++++++ examples/private-endpoint/main.tf | 17 +++++-- examples/private-endpoint/variables.tf | 64 -------------------------- 5 files changed, 40 insertions(+), 134 deletions(-) create mode 100644 examples/private-endpoint/locals.tf diff --git a/examples/default/main.tf b/examples/default/main.tf index d44daa8..1f83b59 100644 --- a/examples/default/main.tf +++ b/examples/default/main.tf @@ -34,6 +34,12 @@ resource "azurerm_resource_group" "this" { location = local.azure_regions[random_integer.region_index.result] } +resource "azurerm_log_analytics_workspace" "this" { + name = module.naming.log_analytics_workspace.name_unique + resource_group_name = azurerm_resource_group.this.name + location = azurerm_resource_group.this.location +} + # This is the module call module "hostpool" { source = "../../" @@ -41,7 +47,7 @@ module "hostpool" { hostpool = var.hostpool hostpooltype = var.hostpooltype resource_group_name = azurerm_resource_group.this.name - location = var.location - avdlawrgname = var.avdlawrgname - avdlaworkspace = var.avdlaworkspace + location = azurerm_resource_group.this.location + avdlawrgname = azurerm_resource_group.this.name + avdlaworkspace = azurerm_log_analytics_workspace.this.id } \ No newline at end of file diff --git a/examples/default/variables.tf b/examples/default/variables.tf index 8890171..eea3ead 100644 --- a/examples/default/variables.tf +++ b/examples/default/variables.tf 
@@ -17,71 +17,7 @@ variable "hostpool" { } } -variable "location" { - type = string - description = "The Azure location where the resources will be deployed." -} - variable "hostpooltype" { type = string description = "The type of the AVD Host Pool. Valid values are 'Pooled' and 'Personal'." } - -variable "tags" { - type = map(any) - description = "Map of tags to assign to the Key Vault resource." - default = null -} - -# Diagnostic Settings variables -# Define the input variable for the log categories to be enabled for the host pool -variable "host_pool_log_categories" { - type = list(string) - description = "Value of the log categories to be enabled for the host pool" - default = ["Checkpoint", "Management", "Connection", "HostRegistration", "AgentHealthStatus", "NetworkData", "SessionHostManagement", "ConnectionGraphicsData", "Error"] - -} - -# Define the input variable for the name of the AVD Log Analytics Workspace -# It is recommended to have a single Log Analytics Workspace for all AVD resources -variable "avdlaworkspace" { - description = "Name of the AVD Log Analytics Workspace" -} - -variable "avdlawrgname" { - description = "Name of the AVD Log Analytics Workspace Resource Group" -} - -variable "diagname" { - type = string - description = "Name of the Diagnostic Setting" - default = "hplogs" -} - -variable "lock" { - type = object({ - name = optional(string, null) - kind = optional(string, "ReadOnly") - }) - description = "The lock level to apply to the AVD Host Pool. Default is `ReadOnly`. Possible values are`CanNotDelete`, and `ReadOnly`." - default = {} - nullable = false - validation { - condition = contains(["CanNotDelete", "ReadOnly"], var.lock.kind) - error_message = "The lock level must be one of: 'CanNotDelete', or 'ReadOnly'." 
- } -} - -variable "role_assignments" { - type = map(object({ - role_definition_id_or_name = string - principal_id = string - condition = string - condition_version = string - skip_service_principal_aad_check = bool - delegated_managed_identity_resource_id = string - })) - description = "Map of role assignments to assign to the host pool." - default = {} -} - \ No newline at end of file diff --git a/examples/private-endpoint/locals.tf b/examples/private-endpoint/locals.tf new file mode 100644 index 0000000..4383aec --- /dev/null +++ b/examples/private-endpoint/locals.tf @@ -0,0 +1,17 @@ +# We pick a random region from this list. +locals { + role_definition_resource_substring = "/providers/Microsoft.Authorization/roleDefinitions" + azure_regions = [ + "westeurope", + "northeurope", + "eastus", + "eastus2", + "westus", + "westus2", + "southcentralus", + "northcentralus", + "centralus", + "eastasia", + "southeastasia", + ] +} \ No newline at end of file diff --git a/examples/private-endpoint/main.tf b/examples/private-endpoint/main.tf index 27eac81..2da6b30 100644 --- a/examples/private-endpoint/main.tf +++ b/examples/private-endpoint/main.tf @@ -22,11 +22,16 @@ provider "azurerm" { features {} } +# This picks a random region from the list of regions. +resource "random_integer" "region_index" { + min = 0 + max = length(local.azure_regions) - 1 +} # This is required for resource modules resource "azurerm_resource_group" "rghp" { name = module.naming.resource_group.name_unique - location = var.location + location = local.azure_regions[random_integer.region_index.result] } # A vnet is required for the private endpoint. 
@@ -49,6 +54,12 @@ resource "azurerm_private_dns_zone" "this" { resource_group_name = azurerm_resource_group.rghp.name } +resource "azurerm_log_analytics_workspace" "this" { + name = module.naming.log_analytics_workspace.name_unique + resource_group_name = azurerm_resource_group.rghp.name + location = azurerm_resource_group.rghp.location +} + # This is the module call module "hostpool" { source = "../../" @@ -57,8 +68,8 @@ module "hostpool" { hostpooltype = var.hostpooltype location = azurerm_resource_group.rghp.location resource_group_name = azurerm_resource_group.rghp.name - avdlawrgname = var.avdlawrgname - avdlaworkspace = var.avdlaworkspace + avdlawrgname = azurerm_resource_group.rghp.name + avdlaworkspace = azurerm_log_analytics_workspace.this.id private_endpoints = { primary = { private_dns_zone_resource_ids = [azurerm_private_dns_zone.this.id] diff --git a/examples/private-endpoint/variables.tf b/examples/private-endpoint/variables.tf index 03df833..eea3ead 100644 --- a/examples/private-endpoint/variables.tf +++ b/examples/private-endpoint/variables.tf 
@@ -21,67 +21,3 @@ variable "hostpooltype" { type = string description = "The type of the AVD Host Pool. Valid values are 'Pooled' and 'Personal'." } - -variable "location" { - type = string - description = "The Azure location where the resources will be deployed." -} - -variable "tags" { - type = map(any) - description = "Map of tags to assign to the Key Vault resource." - default = null -} - -# Diagnostic Settings variables -# Define the input variable for the log categories to be enabled for the host pool -variable "host_pool_log_categories" { - type = list(string) - description = "Value of the log categories to be enabled for the host pool" - default = ["Checkpoint", "Management", "Connection", "HostRegistration", "AgentHealthStatus", "NetworkData", "SessionHostManagement", "ConnectionGraphicsData", "Error"] - -} - -# Define the input variable for the name of the AVD Log Analytics Workspace -# It is recommended to have a single Log Analytics Workspace for all AVD resources -variable "avdlaworkspace" { - description = "The resource ID of the AVD Log Analytics Workspace" -} - -variable "avdlawrgname" { - description = "Name of the AVD Log Analytics Workspace Resource Group" -} - -variable "diagname" { - type = string - description = "Name of the Diagnostic Setting" - default = "hplogs" -} - -variable "lock" { - type = object({ - name = optional(string, null) - kind = optional(string, "ReadOnly") - }) - description = "The lock level to apply to the AVD Host Pool. Default is `ReadOnly`. Possible values are`CanNotDelete`, and `ReadOnly`." - default = {} - nullable = false - validation { - condition = contains(["CanNotDelete", "ReadOnly"], var.lock.kind) - error_message = "The lock level must be one of: 'CanNotDelete', or 'ReadOnly'." 
- } -} - -variable "role_assignments" { - type = map(object({ - role_definition_id_or_name = string - principal_id = string - condition = string - condition_version = string - skip_service_principal_aad_check = bool - delegated_managed_identity_resource_id = string - })) - description = "Map of role assignments to assign to the host pool." - default = {} -} - \ No newline at end of file From 125243af653b2a417bf9674efb40f963907b9c2d Mon Sep 17 00:00:00 2001 From: Jen Sheerin Date: Tue, 24 Oct 2023 11:24:08 -0400 Subject: [PATCH 05/12] update --- README.md | 66 +++++++++++++------------------ examples/default/locals.tf | 18 ++++++--- examples/default/main.tf | 8 +++- examples/private-endpoint/main.tf | 26 ++++++------ main.tf | 22 ++++++++--- variables.tf | 56 +++++++++++++++----------- 6 files changed, 112 insertions(+), 84 deletions(-) diff --git a/README.md b/README.md index 6b11f3c..506b24c 100644 --- a/README.md +++ b/README.md 
@@ -39,7 +39,7 @@ The following providers are used by this module: The following resources are used by this module: - [azurerm_management_lock.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_lock) (resource) -- [azurerm_monitor_diagnostic_setting.hpdiag](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_diagnostic_setting) (resource) +- [azurerm_monitor_diagnostic_setting.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_diagnostic_setting) (resource) - [azurerm_private_endpoint.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) (resource) - [azurerm_private_endpoint_application_security_group_association.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint_application_security_group_association) (resource) - [azurerm_resource_group_template_deployment.telemetry](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group_template_deployment) (resource) @@ -53,18 +53,6 @@ The following resources are used by this module: The following input variables are required: -### [avdlaworkspace](#input\_avdlaworkspace) - -Description: The Resource ID of the AVD Log Analytics Workspace - -Type: `any` - -### [avdlawrgname](#input\_avdlawrgname) - -Description: Name of the AVD Log Analytics Workspace Resource Group - -Type: `any` - ### [hostpool](#input\_hostpool) Description: The name of the AVD Host Pool. 
@@ -101,13 +89,35 @@ Type: `string` Default: `"Sunday"` -### [diagname](#input\_diagname) +### [diagnostic\_settings](#input\_diagnostic\_settings) -Description: Name of the Diagnostic Setting +Description: A map of diagnostic settings to create on the Key Vault. The map key is deliberately arbitrary to avoid issues where map keys maybe unknown at plan time. -Type: `string` +- `name` - (Optional) The name of the diagnostic setting. One will be generated if not set, however this will not be unique if you want to create multiple diagnostic setting resources. +- `log_categories` - (Optional) A set of log categories to send to the log analytics workspace. Defaults to `[]`. +- `log_groups` - (Optional) A set of log groups to send to the log analytics workspace. Defaults to `["allLogs"]`. +- `workspace_resource_id` - (Optional) The resource ID of the log analytics workspace to send logs and metrics to. +- `storage_account_resource_id` - (Optional) The resource ID of the storage account to send logs and metrics to. +- `event_hub_authorization_rule_resource_id` - (Optional) The resource ID of the event hub authorization rule to send logs and metrics to. +- `event_hub_name` - (Optional) The name of the event hub. If none is specified, the default event hub will be selected. +- `marketplace_partner_resource_id` - (Optional) The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic LogsLogs. -Default: `"hplogs"` +Type: + +```hcl +map(object({ + name = optional(string, null) + log_categories = optional(set(string), []) + log_groups = optional(set(string), ["allLogs"]) + workspace_resource_id = optional(string, null) + storage_account_resource_id = optional(string, null) + event_hub_authorization_rule_resource_id = optional(string, null) + event_hub_name = optional(string, null) + marketplace_partner_resource_id = optional(string, null) + })) +``` + +Default: `{}` ### [enable\_telemetry](#input\_enable\_telemetry) 
@@ -119,28 +129,6 @@ Type: `bool` Default: `true` -### [host\_pool\_log\_categories](#input\_host\_pool\_log\_categories) - -Description: Value of the log categories to be enabled for the host pool - -Type: `list(string)` - -Default: - -```json -[ - "Checkpoint", - "Management", - "Connection", - "HostRegistration", - "AgentHealthStatus", - "NetworkData", - "SessionHostManagement", - "ConnectionGraphicsData", - "Error" -] -``` - ### [hour\_of\_day](#input\_hour\_of\_day) Description: The hour of the day to apply the schedule agent update. Value must be between 0 and 23. diff --git a/examples/default/locals.tf b/examples/default/locals.tf index 4383aec..fddc571 100644 --- a/examples/default/locals.tf +++ b/examples/default/locals.tf @@ -2,16 +2,24 @@ locals { role_definition_resource_substring = "/providers/Microsoft.Authorization/roleDefinitions" azure_regions = [ - "westeurope", + "centralindia", + "uksouth", + "ukwest", + "japaneast", + "australiaeast", + "canadaeast", + "canadacentral", "northeurope", + "westeurope", "eastus", "eastus2", "westus", "westus2", - "southcentralus", + "westus3", "northcentralus", + "southcentralus", + "westcentralus", "centralus", - "eastasia", - "southeastasia", ] -} \ No newline at end of file +} + diff --git a/examples/default/main.tf b/examples/default/main.tf index 1f83b59..318dcfd 100644 --- a/examples/default/main.tf +++ b/examples/default/main.tf @@ -48,6 +48,10 @@ module "hostpool" { hostpooltype = var.hostpooltype resource_group_name = azurerm_resource_group.this.name location = azurerm_resource_group.this.location - avdlawrgname = azurerm_resource_group.this.name - avdlaworkspace = azurerm_log_analytics_workspace.this.id + diagnostic_settings = { + to_la = { + name = "to-la" + workspace_resource_id = azurerm_log_analytics_workspace.this.id + } + } } \ No newline at end of file diff --git a/examples/private-endpoint/main.tf b/examples/private-endpoint/main.tf index 2da6b30..e3a7667 100644 
--- a/examples/private-endpoint/main.tf +++ b/examples/private-endpoint/main.tf @@ -29,7 +29,7 @@ resource "random_integer" "region_index" { } # This is required for resource modules -resource "azurerm_resource_group" "rghp" { +resource "azurerm_resource_group" "this" { name = module.naming.resource_group.name_unique location = local.azure_regions[random_integer.region_index.result] } @@ -37,27 +37,27 @@ resource "azurerm_resource_group" "rghp" { # A vnet is required for the private endpoint. resource "azurerm_virtual_network" "this" { name = module.naming.virtual_network.name_unique - location = azurerm_resource_group.rghp.location - resource_group_name = azurerm_resource_group.rghp.name + location = azurerm_resource_group.this.location + resource_group_name = azurerm_resource_group.this.name address_space = ["192.168.0.0/24"] } resource "azurerm_subnet" "this" { name = module.naming.subnet.name_unique - resource_group_name = azurerm_resource_group.rghp.name + resource_group_name = azurerm_resource_group.this.name virtual_network_name = azurerm_virtual_network.this.name address_prefixes = ["192.168.0.0/24"] } resource "azurerm_private_dns_zone" "this" { name = "privatelink.wvd.microsoft.com" - resource_group_name = azurerm_resource_group.rghp.name + resource_group_name = azurerm_resource_group.this.name } resource "azurerm_log_analytics_workspace" "this" { name = module.naming.log_analytics_workspace.name_unique - resource_group_name = azurerm_resource_group.rghp.name - location = azurerm_resource_group.rghp.location + resource_group_name = azurerm_resource_group.this.name + location = azurerm_resource_group.this.location } # This is the module call 
@@ -66,10 +66,14 @@ module "hostpool" { enable_telemetry = var.enable_telemetry hostpool = var.hostpool hostpooltype = var.hostpooltype - location = azurerm_resource_group.rghp.location - resource_group_name = azurerm_resource_group.rghp.name - avdlawrgname = azurerm_resource_group.rghp.name - avdlaworkspace = azurerm_log_analytics_workspace.this.id + location = azurerm_resource_group.this.location + resource_group_name = azurerm_resource_group.this.name + diagnostic_settings = { + to_law = { + name = "to-law" + workspace_resource_id = azurerm_log_analytics_workspace.this.id + } + } private_endpoints = { primary = { private_dns_zone_resource_ids = [azurerm_private_dns_zone.this.id] diff --git a/main.tf b/main.tf index 68ad763..aeb74b6 100644 --- a/main.tf +++ b/main.tf 
@@ -30,17 +30,29 @@ resource "azurerm_virtual_desktop_host_pool_registration_info" "registrationinfo
 }
 
 # Create Diagnostic Settings for AVD Host Pool
-resource "azurerm_monitor_diagnostic_setting" "hpdiag" {
- name = var.diagname
- target_resource_id = azurerm_virtual_desktop_host_pool.hostpool.id
- log_analytics_workspace_id = var.avdlaworkspace
+resource "azurerm_monitor_diagnostic_setting" "this" {
+ for_each = var.diagnostic_settings
+ name = each.value.name != null ? each.value.name : "diag-${var.hostpool}"
+ target_resource_id = azurerm_virtual_desktop_host_pool.hostpool.id
+ storage_account_id = each.value.storage_account_resource_id
+ eventhub_authorization_rule_id = each.value.event_hub_authorization_rule_resource_id
+ eventhub_name = each.value.event_hub_name
+ partner_solution_id = each.value.marketplace_partner_resource_id
+ log_analytics_workspace_id = each.value.workspace_resource_id
 
 dynamic "enabled_log" {
- for_each = var.host_pool_log_categories
+ for_each = each.value.log_categories
 content {
 category = enabled_log.value
 }
 }
+
+ dynamic "enabled_log" {
+ for_each = each.value.log_groups
+ content {
+ category_group = enabled_log.value
+ }
+ }
 }
 
 resource "azurerm_role_assignment" "this" {
diff --git a/variables.tf b/variables.tf
index 42ce6c1..5c29469 100644
--- a/variables.tf
+++ b/variables.tf
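Review bot: The fallback on the `name =` line of the new `azurerm_monitor_diagnostic_setting.this` resource evaluates to the same `diag-${var.hostpool}` for every entry whose `name` is null, so two unnamed entries in `var.diagnostic_settings` collide on one diagnostic-setting name under the `for_each`. The map key is already unique per instance, so folding it in removes the collision: `name = each.value.name != null ? each.value.name : "diag-${var.hostpool}-${each.key}"`. The variable documentation's caveat that a generated name "will not be unique" could then be dropped. A one-line comment above the second `dynamic "enabled_log"` block, `# category groups (e.g. allLogs) are emitted as separate enabled_log blocks`, would also make the split between categories and groups clear to the next reader.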
@@ -67,29 +67,41 @@ variable "tags" {
 default = null
 }
 
-# Diagnostic Settings variables
-# Define the input variable for the log categories to be enabled for the host pool
-variable "host_pool_log_categories" {
- type = list(string)
- description = "Value of the log categories to be enabled for the host pool"
- default = ["Checkpoint", "Management", "Connection", "HostRegistration", "AgentHealthStatus", "NetworkData", "SessionHostManagement", "ConnectionGraphicsData", "Error"]
-
-}
-
-# Define the input variable for the name of the AVD Log Analytics Workspace
-# It is recommended to have a single Log Analytics Workspace for all AVD resources
-variable "avdlaworkspace" {
- description = "The Resource ID of the AVD Log Analytics Workspace"
-}
-
-variable "avdlawrgname" {
- description = "Name of the AVD Log Analytics Workspace Resource Group"
-}
+variable "diagnostic_settings" {
+ type = map(object({
+ name = optional(string, null)
+ log_categories = optional(set(string), [])
+ log_groups = optional(set(string), ["allLogs"])
+ workspace_resource_id = optional(string, null)
+ storage_account_resource_id = optional(string, null)
+ event_hub_authorization_rule_resource_id = optional(string, null)
+ event_hub_name = optional(string, null)
+ marketplace_partner_resource_id = optional(string, null)
+ }))
+ default = {}
+ nullable = false
 
-variable "diagname" {
- type = string
- description = "Name of the Diagnostic Setting"
- default = "hplogs"
+ validation {
+ condition = alltrue(
+ [
+ for _, v in var.diagnostic_settings :
+ v.workspace_resource_id != null || v.storage_account_resource_id != null || v.event_hub_authorization_rule_resource_id != null || v.marketplace_partner_resource_id != null
+ ]
+ )
+ error_message = "At least one of `workspace_resource_id`, `storage_account_resource_id`, `marketplace_partner_resource_id`, or `event_hub_authorization_rule_resource_id`, must be set."
+ } + description = < Date: Tue, 24 Oct 2023 11:41:54 -0400 Subject: [PATCH 06/12] update readme --- examples/default/README.md | 68 ++++++++++++++----- examples/private-endpoint/README.md | 101 +++++++++++++++++++++++----- 2 files changed, 135 insertions(+), 34 deletions(-) diff --git a/examples/default/README.md b/examples/default/README.md index 41ece9b..d998d8e 100644 --- a/examples/default/README.md +++ b/examples/default/README.md @@ -11,17 +11,15 @@ terraform { source = "hashicorp/azurerm" version = ">= 3.7.0, < 4.0.0" } + random = { + source = "hashicorp/random" + version = ">= 3.5.0, < 4.0.0" + } } } -variable "enable_telemetry" { - type = bool - default = true - description = < [azurerm](#requirement\_azurerm) (>= 3.7.0, < 4.0.0) +- [random](#requirement\_random) (>= 3.5.0, < 4.0.0) + ## Providers The following providers are used by this module: - [azurerm](#provider\_azurerm) (>= 3.7.0, < 4.0.0) +- [random](#provider\_random) (>= 3.5.0, < 4.0.0) + ## Resources The following resources are used by this module: +- [azurerm_log_analytics_workspace.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace) (resource) - [azurerm_resource_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) (resource) +- [random_integer.region_index](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer) (resource) ## Required Inputs -No required inputs. +The following input variables are required: + +### [hostpool](#input\_hostpool) + +Description: The name of the AVD Host Pool. + +Type: `string` + +### [hostpooltype](#input\_hostpooltype) + +Description: The type of the AVD Host Pool. Valid values are 'Pooled' and 'Personal'. + +Type: `string` ## Optional Inputs @@ -93,7 +129,7 @@ No outputs. The following Modules are called: -### [MYMODULE](#module\_MYMODULE) +### [hostpool](#module\_hostpool) Source: ../../ 
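Review bot: The validation added to `variable "diagnostic_settings"` only checks that some destination is set; an entry where a caller explicitly passes `log_categories = []` and `log_groups = []` passes it and yields a diagnostic setting that forwards no logs, which quietly removes the audit trail the module wires up for the host pool. A second validation of the form `condition = alltrue([for _, v in var.diagnostic_settings : length(v.log_categories) > 0 || length(v.log_groups) > 0])` with a matching error_message would surface that at plan time rather than at apply (whether the provider rejects an empty setting on its own is not visible here and worth confirming). The variable's heredoc description and closing brace are cut off on this page, so the documentation text of the block could not be reviewed.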
diff --git a/examples/private-endpoint/README.md b/examples/private-endpoint/README.md index 41ece9b..92a86d8 100644 --- a/examples/private-endpoint/README.md +++ b/examples/private-endpoint/README.md @@ -11,37 +11,81 @@ terraform { source = "hashicorp/azurerm" version = ">= 3.7.0, < 4.0.0" } + random = { + source = "hashicorp/random" + version = ">= 3.5.0, < 4.0.0" + } } } -variable "enable_telemetry" { - type = bool - default = true - description = < [azurerm](#requirement\_azurerm) (>= 3.7.0, < 4.0.0) +- [random](#requirement\_random) (>= 3.5.0, < 4.0.0) + ## Providers The following providers are used by this module: - [azurerm](#provider\_azurerm) (>= 3.7.0, < 4.0.0) +- [random](#provider\_random) (>= 3.5.0, < 4.0.0) + ## Resources The following resources are used by this module: +- [azurerm_log_analytics_workspace.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace) (resource) +- [azurerm_private_dns_zone.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) (resource) - [azurerm_resource_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) (resource) +- [azurerm_subnet.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) (resource) +- [azurerm_virtual_network.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network) (resource) +- [random_integer.region_index](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer) (resource) ## Required Inputs -No required inputs. +The following input variables are required: + +### [hostpool](#input\_hostpool) + +Description: The name of the AVD Host Pool. + +Type: `string` + +### [hostpooltype](#input\_hostpooltype) + +Description: The type of the AVD Host Pool. Valid values are 'Pooled' and 'Personal'. + +Type: `string` ## Optional Inputs 
@@ -93,7 +158,7 @@ No outputs. The following Modules are called: -### [MYMODULE](#module\_MYMODULE) +### [hostpool](#module\_hostpool) Source: ../../ From 02a8df0450e5e725d5f6d2db6398bfb56a846bbf Mon Sep 17 00:00:00 2001 From: Jen Sheerin Date: Tue, 24 Oct 2023 11:43:51 -0400 Subject: [PATCH 07/12] updates --- examples/default/README.md | 4 ++-- examples/default/main.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/examples/default/README.md b/examples/default/README.md index d998d8e..6ea2eaf 100644 --- a/examples/default/README.md +++ b/examples/default/README.md @@ -55,8 +55,8 @@ module "hostpool" { resource_group_name = azurerm_resource_group.this.name location = azurerm_resource_group.this.location diagnostic_settings = { - to_la = { - name = "to-la" + to_law = { + name = "to-law" workspace_resource_id = azurerm_log_analytics_workspace.this.id } } diff --git a/examples/default/main.tf b/examples/default/main.tf index 318dcfd..e76e4e4 100644 --- a/examples/default/main.tf +++ b/examples/default/main.tf @@ -49,8 +49,8 @@ module "hostpool" { resource_group_name = azurerm_resource_group.this.name location = azurerm_resource_group.this.location diagnostic_settings = { - to_la = { - name = "to-la" + to_law = { + name = "to-law" workspace_resource_id = azurerm_log_analytics_workspace.this.id } } From 41ca04c8c82eb184431dcca7b51fc4c7f787d887 Mon Sep 17 00:00:00 2001 From: Jen Sheerin Date: Thu, 26 Oct 2023 08:53:21 -0400 Subject: [PATCH 08/12] update locals --- examples/private-endpoint/locals.tf | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/examples/private-endpoint/locals.tf b/examples/private-endpoint/locals.tf index 4383aec..e883104 100644 --- a/examples/private-endpoint/locals.tf +++ b/examples/private-endpoint/locals.tf 
@@ -2,16 +2,23 @@ locals { role_definition_resource_substring = "/providers/Microsoft.Authorization/roleDefinitions" azure_regions = [ - "westeurope", + "centralindia", + "uksouth", + "ukwest", + "japaneast", + "australiaeast", + "canadaeast", + "canadacentral", "northeurope", + "westeurope", "eastus", "eastus2", "westus", "westus2", - "southcentralus", + "westus3", "northcentralus", + "southcentralus", + "westcentralus", "centralus", - "eastasia", - "southeastasia", ] -} \ No newline at end of file +} From 75965e4af9774348f6d5cb8eeab700ad5c946f3c Mon Sep 17 00:00:00 2001 From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com> Date: Thu, 26 Oct 2023 16:23:30 +0100 Subject: [PATCH 09/12] syle: make fmt --- examples/default/main.tf | 2 +- locals.tf | 2 +- main.tf | 2 +- outputs.tf | 2 +- variables.tf | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/examples/default/main.tf b/examples/default/main.tf index e76e4e4..8329b21 100644 --- a/examples/default/main.tf +++ b/examples/default/main.tf @@ -54,4 +54,4 @@ module "hostpool" { workspace_resource_id = azurerm_log_analytics_workspace.this.id } } -} \ No newline at end of file +} diff --git a/locals.tf b/locals.tf index f74121e..3891edf 100644 --- a/locals.tf +++ b/locals.tf @@ -13,4 +13,4 @@ locals { } ] ]) : "${assoc.pe_key}-${assoc.asg_key}" => assoc } -} \ No newline at end of file +} diff --git a/main.tf b/main.tf index aeb74b6..97afd39 100644 --- a/main.tf +++ b/main.tf @@ -72,4 +72,4 @@ resource "azurerm_management_lock" "this" { name = coalesce(var.lock.name, "lock-${var.hostpool}") scope = azurerm_virtual_desktop_host_pool.hostpool.id lock_level = var.lock.kind -} \ No newline at end of file +} diff --git a/outputs.tf b/outputs.tf index b955c49..d896edf 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -11,4 +11,4 @@ output "azure_virtual_desktop_host_pool_id" { output "private_endpoints" { value = azurerm_private_endpoint.this description = "A map of private endpoints. The map key is the supplied input to var.private_endpoints. The map value is the entire azurerm_private_endpoint resource." -} \ No newline at end of file +} diff --git a/variables.tf b/variables.tf index 5c29469..40b9da7 100644 --- a/variables.tf +++ b/variables.tf @@ -208,4 +208,4 @@ A map of private endpoints to create on the Key Vault. The map key is deliberate - `name` - The name of the IP configuration. - `private_ip_address` - The private IP address of the IP configuration. DESCRIPTION -} \ No newline at end of file +} From 56628b910d55f9549c7580cd4f731c197518671e Mon Sep 17 00:00:00 2001 From: Jen Sheerin Date: Thu, 26 Oct 2023 11:23:33 -0400 Subject: [PATCH 10/12] add newline at eof --- examples/default/main.tf | 2 +- locals.tf | 2 +- main.tf | 2 +- outputs.tf | 2 +- variables.tf | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/examples/default/main.tf b/examples/default/main.tf index e76e4e4..8329b21 100644 --- a/examples/default/main.tf +++ b/examples/default/main.tf @@ -54,4 +54,4 @@ module "hostpool" { workspace_resource_id = azurerm_log_analytics_workspace.this.id } } -} \ No newline at end of file +} diff --git a/locals.tf b/locals.tf index f74121e..3891edf 100644 --- a/locals.tf +++ b/locals.tf @@ -13,4 +13,4 @@ locals { } ] ]) : "${assoc.pe_key}-${assoc.asg_key}" => assoc } -} \ No newline at end of file +} diff --git a/main.tf b/main.tf index aeb74b6..97afd39 100644 --- a/main.tf +++ b/main.tf @@ -72,4 +72,4 @@ resource "azurerm_management_lock" "this" { name = coalesce(var.lock.name, "lock-${var.hostpool}") scope = azurerm_virtual_desktop_host_pool.hostpool.id lock_level = var.lock.kind -} \ No newline at end of file +} diff --git a/outputs.tf b/outputs.tf index b955c49..d896edf 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -11,4 +11,4 @@ output "azure_virtual_desktop_host_pool_id" { output "private_endpoints" { value = azurerm_private_endpoint.this description = "A map of private endpoints. The map key is the supplied input to var.private_endpoints. The map value is the entire azurerm_private_endpoint resource." -} \ No newline at end of file +} diff --git a/variables.tf b/variables.tf index 5c29469..40b9da7 100644 --- a/variables.tf +++ b/variables.tf @@ -208,4 +208,4 @@ A map of private endpoints to create on the Key Vault. The map key is deliberate - `name` - The name of the IP configuration. - `private_ip_address` - The private IP address of the IP configuration. DESCRIPTION -} \ No newline at end of file +} From f1302d6837001834d400e1a4990d84306ad7679b Mon Sep 17 00:00:00 2001 From: Jen Sheerin Date: Thu, 26 Oct 2023 17:51:34 -0400 Subject: [PATCH 11/12] variables update --- examples/default/variables.tf | 4 +++- examples/private-endpoint/variables.tf | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/examples/default/variables.tf b/examples/default/variables.tf index eea3ead..bd2c0ad 100644 --- a/examples/default/variables.tf +++ b/examples/default/variables.tf @@ -11,6 +11,7 @@ DESCRIPTION variable "hostpool" { type = string description = "The name of the AVD Host Pool." + default = "hostpool-1" validation { condition = can(regex("^[a-z0-9-]{3,24}$", var.hostpool)) error_message = "The name must be between 3 and 24 characters long and can only contain lowercase letters, numbers and dashes." @@ -19,5 +20,6 @@ variable "hostpool" { variable "hostpooltype" { type = string - description = "The type of the AVD Host Pool. Valid values are 'Pooled' and 'Personal'." + default = "Pooled" + description = "The type of the AVD Host Pool. Valid values are 'Pooled' or 'Personal'." } diff --git a/examples/private-endpoint/variables.tf b/examples/private-endpoint/variables.tf index eea3ead..bd2c0ad 100644 --- a/examples/private-endpoint/variables.tf 
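Review bot: `variable "hostpooltype"` in examples/default/variables.tf gains a `"Pooled"` default and a description that enumerates the two valid values, but unlike `hostpool` directly above it there is no validation block, so a wrong case such as `"pooled"` is only reported when the module is applied. A `validation { condition = contains(["Pooled", "Personal"], var.hostpooltype) error_message = "The host pool type must be one of: 'Pooled' or 'Personal'." }` block would mirror the regex check already on `hostpool`. The identical hunk in examples/private-endpoint/variables.tf, the next file in this patch, has the same gap.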
+++ b/examples/private-endpoint/variables.tf @@ -11,6 +11,7 @@ DESCRIPTION variable "hostpool" { type = string description = "The name of the AVD Host Pool." + default = "hostpool-1" validation { condition = can(regex("^[a-z0-9-]{3,24}$", var.hostpool)) error_message = "The name must be between 3 and 24 characters long and can only contain lowercase letters, numbers and dashes." @@ -19,5 +20,6 @@ variable "hostpool" { variable "hostpooltype" { type = string - description = "The type of the AVD Host Pool. Valid values are 'Pooled' and 'Personal'." + default = "Pooled" + description = "The type of the AVD Host Pool. Valid values are 'Pooled' or 'Personal'." } From a70df40aa30f243486952593b57f23d95cb7e918 Mon Sep 17 00:00:00 2001 From: Jen Sheerin Date: Thu, 26 Oct 2023 17:54:47 -0400 Subject: [PATCH 12/12] readme update --- examples/default/README.md | 30 ++++++++++++++++------------- examples/private-endpoint/README.md | 30 ++++++++++++++++------------- 2 files changed, 34 insertions(+), 26 deletions(-) diff --git a/examples/default/README.md b/examples/default/README.md index 6ea2eaf..0f675e1 100644 --- a/examples/default/README.md +++ b/examples/default/README.md @@ -93,19 +93,7 @@ The following resources are used by this module: ## Required Inputs -The following input variables are required: - -### [hostpool](#input\_hostpool) - -Description: The name of the AVD Host Pool. - -Type: `string` - -### [hostpooltype](#input\_hostpooltype) - -Description: The type of the AVD Host Pool. Valid values are 'Pooled' and 'Personal'. - -Type: `string` +No required inputs. ## Optional Inputs @@ -121,6 +109,22 @@ Type: `bool` Default: `true` +### [hostpool](#input\_hostpool) + +Description: The name of the AVD Host Pool. + +Type: `string` + +Default: `"hostpool-1"` + +### [hostpooltype](#input\_hostpooltype) + +Description: The type of the AVD Host Pool. Valid values are 'Pooled' or 'Personal'. + +Type: `string` + +Default: `"Pooled"` + ## Outputs No outputs. 
diff --git a/examples/private-endpoint/README.md b/examples/private-endpoint/README.md index 92a86d8..048968c 100644 --- a/examples/private-endpoint/README.md +++ b/examples/private-endpoint/README.md @@ -122,19 +122,7 @@ The following resources are used by this module: ## Required Inputs -The following input variables are required: - -### [hostpool](#input\_hostpool) - -Description: The name of the AVD Host Pool. - -Type: `string` - -### [hostpooltype](#input\_hostpooltype) - -Description: The type of the AVD Host Pool. Valid values are 'Pooled' and 'Personal'. - -Type: `string` +No required inputs. ## Optional Inputs @@ -150,6 +138,22 @@ Type: `bool` Default: `true` +### [hostpool](#input\_hostpool) + +Description: The name of the AVD Host Pool. + +Type: `string` + +Default: `"hostpool-1"` + +### [hostpooltype](#input\_hostpooltype) + +Description: The type of the AVD Host Pool. Valid values are 'Pooled' or 'Personal'. + +Type: `string` + +Default: `"Pooled"` + ## Outputs No outputs.